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DETAILED ACTION 

1 . Claims 30-38 are pending. 

2. Amendment filed 04/30/2008 has been received and considered. 

Claim Rejections - 35 USC § 101 

3. The rejection under 35 U.S.C. 101 has been withdrawn based on the filed 
amendment. 

Claim Rejections - 35 USC § 103 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

5. Claims 30-38 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Boroughs et al. (US 6834350) in view of Fujiyama et al. (US 6971 026). 

As per claims 30 and 33, Boroughs et al. discloses a security system comprising: 
an activation token identifying system characteristics and specifying a threat and at 
least one preset activation measure, wherein a system characteristic is one of the group 
of a hardware system, a service, a configuration of a service, a service execution 
platform, and a service session (see column 2 line 62 through column 3 line 34); a first 
system comprising a processor, the first system configured to at least review security 
and vulnerability information form information publishers and to provide the activation 
token based on filtered security and vulnerability information (see column 2 line 59 
through column 3 line 10); and a second system configured to determine whether the 
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activation token is relevant by checking if actual characteristics at the second system 
correspond to the system characteristics identified by the activation token, the second 
system further configured to transform the activation token into at least one activation 
measure if the activation token is considered relevant by the second system the 
activation measure configured to modify services executing at the second system (see 
column 3 lines 35-67 and column 4 lines 1-5) wherein the first system is further 
configured to automatically filter the security and vulnerability information relevant to the 
system characteristics identified by the activation token (see column 2 line 59 through 
column 3 line 10 and Figure 17). 

Boroughs et al. fail to explicitly disclose including a threat level within the 
activation token. 

However, Fujiyama et al. teaches including a trust level with an activation token 
(see figures 2-5 and column 7 line 54 through column 8 line 55). 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to include trust levels with the activation tokens of Boroughs et al. 

Motivation to do so would have been to distinguish between the types of threats 
(see figures 2-5 and column 7 line 54 through column 8 line 55). 

As per claim 31 , the modified Boroughs et al. and Fujiyama et al. system 
discloses cryptographic means configured to verify at the second system that the first 
system is a trusted service (see Boroughs et al. column 3 lines 55-67). 

As per claim 32, the modified Boroughs et al. and Fujiyama et al. system 
discloses reporting means configured to report to a system administrator of the second 
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system any activation measure taken by the second system (see Boroughs et al. 
column 2 lines 59-67). 

As per claim 34, the modified Boroughs et al. and Fujiyama et al. system 
discloses a list of trusted service providers from whom activation tokens are accepted 
by the second system (see Fujiyama et al. column 8 lines 13-39). 

As per claims 35 and 36, the modified Boroughs et al. and Fujiyama et al. system 
discloses a preset activation measure is one of shutting down a service affected by the 
specified threat level and reconfiguration of the service (see Fujiyama et al. Figure 3 
column 202). 

As per claim 38, the modified Boroughs et al. and Fujiyama et al. system fails to 
explicitly disclose that the at least one preset activation measure is alerting a system 
administrator. 

However, Official Notice is taken that at the time of the invention it would have 
been obvious to alert a system administrator. 

Motivation to do so would have been so that the system administrator knows to 
take action. 

6. Claim 37 is rejected under 35 U.S.C. 103(a) as being unpatentable over the 
modified Boroughs et al. and Fujiyama et al. system as applied to claim 30 above, and 
further in view of Pearson (US 6990591). 

As per claim 37, the modified Boroughs et al. and Fujiyama et al. system fails to 
explicitly disclose installing a patch as an activation measure. 

However, Pearson teaches installing a patch (see column 13 lines 4-15). 
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At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to install a patch as one of the activation measures of the modified 
Boroughs et al. and Fujiyama et al. system. 

Motivation to do so would have been to update the attack signature list (see 
Pearson column 13 lines 4-15). 

Response to Arguments 

7. Applicant's arguments filed 04/30/2008 have been fully considered but they are 
not persuasive. Applicant argues that Boroughs fails to disclose "a first system 
comprising a processor, the first system configured to at least review security and 
vulnerability information form information publishers and to provide the activation token 
based on filtered security and vulnerability information"; and fails to disclose "a second 
system configured to determine whether the activation token is relevant by checking if 
actual characteristics at the second system correspond to the system characteristics 
identified by the activation token, the second system further configured to transform the 
activation token into at least one activation measure if the activation token is considered 
relevant by the second system the activation measure configured to modify services 
executing at the second system"; Boroughs teaches away from a combination with 
Fujiyama; claim 31 is allowable for the reasons put forth above; Boroughs fails to teach 
the limitations of claim 32; claim 33 is allowable for the reasons put forth above; the 
combination of Boroughs and Fujiyama fails to teach the limitations of claims 34-36 and 
claims 37 and 38 are allowable for the reasons put forth above. 
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With respect to Applicant's argument that Boroughs fails to disclose "a first 
system comprising a processor, the first system configured to at least review security 
and vulnerability information from information publishers and to provide the activation 
token based on filtered security and vulnerability information", in column 2 lines 59-67 
Boroughs describes a distribution (i.e. activation token). These distributions are 
prepared by network security experts and contain information describing newly- 
discovered network attacks (i.e. security and vulnerability information). This information 
can be obtained in one of two ways, either the experts find the attack themselves or 
receive information from one or more other entities. In the first case the experts 
themselves are the "information publishers" otherwise the other entities are the 
information publishers. Furthermore, in order for the experts to create and distribute the 
distribution with information and software, the must be part of a system that has at least 
one processor. Therefore, Boroughs teaches the first system of claim 30. 

With respect to Applicant's argument that Boroughs fails to disclose "a second 
system configured to determine whether the activation token is relevant by checking if 
actual characteristics at the second system correspond to the system characteristics 
identified by the activation token, the second system further configured to transform the 
activation token into at least one activation measure if the activation token is considered 
relevant by the second system the activation measure configured to modify services 
executing at the second system", in column 3 lines 35-67 and column 4 lines 1-5 
Boroughs describes a system that has a facility and subscribers, these entities combine 
to form the "second system" of claim 30. Therefore, the facility determines which 
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distributions are useful to each subscriber and sends them to each subscriber who then 
facilitates the application of the distribution (i.e. transforming the activation token to 
modify services of the second system). Therefore, Boroughs teaches the second 
system of claim 30. 

With respect to Applicant's argument that teaches away from a combination with 
Fujiyama, the fact that Boroughs teaches always installing the distribution does not 
teach away from the selective installation of Fujiyama. Boroughs already teaches 
selectively installing certain distributions based on system characteristics, therefore it 
would be obvious to one of ordinary skill in the art to add the further selection based on 
security level as taught by Fujiyama in order to distinguish between types of threats. 
Therefore, Boroughs does not teach away from the combination and the combination is 
proper. 

Applicant's argument that claim 31 is allowable for the reasons put forth above is 
moot in view of the above response. 

With respect to Applicant's argument that Boroughs fails to teach the limitations 
of claim 32, Boroughs discloses alerting a user based on the received distribution (see 
column 4 lines 1-5) and further as shown in column 2 lines 56-67 the user can be an 
administrator. Therefore, Boroughs teaches the limitations of claim 32. 

Applicant's argument that claim 33 is allowable for the reasons put forth above is 
moot in view of the above response. 

With respect to Applicant's argument that the combination of Boroughs and 
Fujiyama fails to teach the limitations of claims 34-36, as per claim 34, Fujiyama FIG 16 
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shows multiple databases containing the security measures and the system must 
choose one of these databases, if these were not trusted databases the security of the 
system would fail. As per claim 35, the system of Fujiyama shuts down a service based 
on the security level (i.e. increasing the security). In other words if the security would be 
increased a certain amount (i.e. by reducing the threat level) the service would be shut 
down. As per claim 36, Fujiyama teaches reconfiguring the functionality of a service, 
similarly to the shutting down of a service. Therefore the combination teaches the 
limitations of claims 34-36. 

Applicant's argument that claims 37 and 38 are allowable for the reasons put 
forth above is moot in view of the above response. 

Conclusion 

8. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL PYZOCHA whose telephone number is 
(571)272-3875. The examiner can normally be reached on Monday-Thursday, 7:00am - 
4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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